Qualys Blog

www.qualys.com
2 posts

Thwarting SQL Injection: Defense in Depth

SQL as a language is vulnerable to injection attacks because it allows mixing of instructions and data, which attackers can conveniently exploit to achieve their nefarious objectives.

The root cause behind successful SQL injection attacks is the execution of user-supplied data as SQL instructions. This classic cartoon illustrates the perils of trusting user inputs, and how they can lead to a successful SQLi attack:

From the webcomic xkcd:

Did you really name your son Robert'); DROP TABLE Students;--

Continue reading …

The Importance of a Proper HTTP Strict Transport Security Implementation on Your Web Server

About 95 percent of HTTPS servers are vulnerable to connection hijacking, opening the door for hackers to launch man-in-the-middle and other devastating cyber attacks. That’s according to a Netcraft study released about a week ago. The reason for this concerning situation? Only 5 percent of HTTPS servers have a correct implementation of HTTP Strict Transport Security.

Continue reading …